Second helping of FBI’s Bot Roast serves eight

Nov 30, 2007

Initiative against zombie herders seeing success both here and abroad

The FBI on Thursday announced that eight individuals have been indicted, have pled guilty or have been sentenced to prison over the past few months for crimes related to botnet activity.

In addition, it said that 13 search warrants were served in the U.S. and by overseas law enforcement authorities on individuals thought to be connected with botnet-related activities. Among those whose residences were searched was an individual in New Zealand who uses the online username AKILL and is believed to be the leader of an international botnet coding group, according to the FBI’s statement.

All of the individuals were targeted as part of the FBI’s ongoing Operation Bot Roast, first announced in June, under which the agency is conducting a coordinated domestic and international campaign to disrupt the activities of the so-called bot herders who operate the networks of hijacked computers.

So far, the operation has uncovered more than $20 million in losses to consumers and businesses and more than 2 million infected PCs, according to the FBI.

Botnets are vast networks of compromised, or “zombie,” systems, each of which can be remotely commanded by a malicious attacker to carry out tasks such as forwarding spam messages or participating in denial-of-service attacks against specific targets. Botnets can range from a few hundred computers to networks made up of tens of thousands of zombies. They are believed to be at the root of a vast majority of cybercrime activities these days.

When it announced the first phase of Operation Bot Roast in June, the FBI said it had detected more than 1 million bot-infected PCs and arrested three individuals for using botnets for everything from spamming to infecting hospital systems.

Not just leftovers

Today’s announcement summarized the successes of Phase II of Operation Bot Roast.

A spokesman from the FBI’s national press office said that during the second phase of Bot Roast, the FBI once again had uncovered over a million bot-infested PCs that were being used for a variety of purposes, including spamming, phishing and identity theft. The agency is currently working to see if it can identify the owners of the infected systems and notify them of the issue, he said. He added that it is not clear yet how many of the infected systems are in North America.

Among those netted in Phase II of Operation Bot Roast were:

  • Ryan Brett Goldstein, a 21-year-old native of Ambler, Pa., who was indicted on Nov. 1 for using a botnet to cause a distributed denial-of-service attack against an unidentified Philadelphia-area university. Court documents show that Goldstein, who used the online name Digerati, was a student at the university and sought the help of an unidentified bot herder to launch a DOS attack against an IRC group that had banned him from participating in it. In addition, Goldstein got the bot owner to also launch attacks against two other IRC groups and against a Web site.
  • Adam Sweaney, 27, of Tacoma, Wash., who pleaded guilty on Sept. 24 to one felony fraud charge for leasing out bot-infected computers to others and then using them to launch DOS attacks, and for forwarding spam. Court documents show that Sweaney also offered to sell 50 million e-mail addresses for $500 and promised takers an 87% delivery rate.
  • Gregory King, 21, from Fairfield, California, who was indicted in September by a federal grand jury on four counts of transmission of code to cause damage to a protected computer. King, who employed several online aliases, including Silenz, Silenz420 and Gregk707, allegedly used botnets to carry out denial-of-service attacks against various companies, including an antiphishing Web site.

Also caught in the FBI sweep was John Schiefer, a former security researcher who admitted to hijacking a quarter of a million PCs with the intent to steal bank and PayPal account information and to plant adware on the compromised systems. Schiefer, who was also known as Acidstorm and Acid, was a former security consultant at 3G Communications Corp. in Los Angeles and was the first to be charged under federal wiretap statutes for using a botnet.

Three of the individuals named in today’s FBI announcement were sentenced to prison terms ranging from 12 months to 42 months.

It’s a small world after all

Today’s FBI announcement is sending the right message to bot herders, said Dave Marcus, a security researcher at McAfee Avert Labs. “It tells them they can’t hide, or they have to do a lot better at hiding themselves” going forward, Marcus said.

What’s especially encouraging is the fact that the FBI appears to have garnered quite a bit of support from overseas law enforcement in its efforts, Marcus said. “I like the fact that search warrants were served in other countries” in connection with the FBI initiative, he said. “This crime is global in nature; it’s not just a U.S.-centric thing,” he said.

According to the FBI spokesman, the support from overseas law enforcement has been “exceptional” so far. “It’s absolutely necessary. We can’t do these types of investigations without close cooperation from our international partners,” he said.

“Since botnets are at the root of nearly all cybercrime activities that we see on the Internet today, the significant deterrence value that arrests and prosecutions such as these provide cannot be underestimated.”